1. Home
  2. CVE Database
  3. CVE-2016-5722
HIGH · 7.3

CVE-2016-5722

Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct r...

Vulnerability Description

Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.

CVSS Score

7.3

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
HuaweiOcean Stor 18500 V3-
HuaweiOcean Stor 18800 V3-
HuaweiOcean Stor Firmware<= v300r003c00spc100
HuaweiOcean Stor 5300 V3-
HuaweiOcean Stor 5500 V3-
HuaweiOcean Stor 5600 V3-
HuaweiOcean Stor 5800 V3-
HuaweiOcean Stor 6800 V3-

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2016-5722?

CVE-2016-5722 is a vulnerability with a CVSS score of 7.3 (HIGH). Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct r...

How severe is CVE-2016-5722?

CVE-2016-5722 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-5722?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Ocean Stor 18500 V3, Huawei Ocean Stor 18800 V3, Huawei Ocean Stor Firmware, Huawei Ocean Stor 5300 V3, Huawei Ocean Stor 5500 V3.